Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'WAVE'
2017-04-21
CVE-2016-1520
CWE-254
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
CVE-2016-1519
CWE-295
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
CVE-2016-1518
CWE-284
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
>>>
Vendor:
Grandstream
29
Products
Budgetone
Budgetone 101
Budgetone 102
Gxp-2000
Budgetone 200
Sip phone
Ht488
Gxv3500
Gxv3501
Gxv3504
Gxv3601
Gxv3601hd/ll
Gxv3611hd/ll
Gxv3615w/p
Gxv3615wp hd
Gxv3651fhd
Gxv3662hd
Gxv device firmware
Gxv3611 hd firmware
WAVE
Ht802 firmware
Gxp1610 firmware
Gxp1615 firmware
Gxp1620 firmware
Gxp1625 firmware
Gxp1628 firmware
Gxp1630 firmware
Gac2500 firmware
Gxp2200 firmware
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'WAVE' 